We use cookies to ensure that we give you the best experience on our website. By
continuing to browse, we are assuming that you have no objection in accepting cookies.
You can change your cookie
settings at any time.

3. By using that key, the .dll will be loaded in every process that uses user32.dll and it will also monitor the registry in order to ensure itself thatit is not prevented from running when the computer starts.

4. It will try to create a connection with 83.149.75.54 in order to download a file.

5. A file called removalfile.bat will be created in the current user's C:/temp directory and it will be run